Vulnerabilities > Enphase > Envoy

DATE CVE VULNERABILITY TITLE RISK
2019-02-09 CVE-2019-7678 Path Traversal vulnerability in Enphase Envoy
A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.
network
low complexity
enphase CWE-22
7.5
7.5
2019-02-09 CVE-2019-7677 Cross-site Scripting vulnerability in Enphase Envoy
XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.
network
enphase CWE-79
4.3
4.3
2019-02-09 CVE-2019-7676 Weak Password Requirements vulnerability in Enphase Envoy
A weak password vulnerability was discovered in Enphase Envoy R3.*.*.
network
low complexity
enphase CWE-521
6.5
6.5